github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/builtin/providers/aws/resource_aws_iam_role_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "strings" 6 "testing" 7 8 "regexp" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/aws/awserr" 12 "github.com/aws/aws-sdk-go/service/iam" 13 "github.com/hashicorp/terraform/helper/acctest" 14 "github.com/hashicorp/terraform/helper/resource" 15 "github.com/hashicorp/terraform/terraform" 16 ) 17 18 func TestAccAWSRole_basic(t *testing.T) { 19 var conf iam.GetRoleOutput 20 rName := acctest.RandString(10) 21 22 resource.Test(t, resource.TestCase{ 23 PreCheck: func() { testAccPreCheck(t) }, 24 Providers: testAccProviders, 25 CheckDestroy: testAccCheckAWSRoleDestroy, 26 Steps: []resource.TestStep{ 27 { 28 Config: testAccAWSRoleConfig(rName), 29 Check: resource.ComposeTestCheckFunc( 30 testAccCheckAWSRoleExists("aws_iam_role.role", &conf), 31 resource.TestCheckResourceAttr("aws_iam_role.role", "path", "/"), 32 resource.TestCheckResourceAttrSet("aws_iam_role.role", "create_date"), 33 ), 34 }, 35 }, 36 }) 37 } 38 39 func TestAccAWSRole_basicWithDescription(t *testing.T) { 40 var conf iam.GetRoleOutput 41 rName := acctest.RandString(10) 42 43 resource.Test(t, resource.TestCase{ 44 PreCheck: func() { testAccPreCheck(t) }, 45 Providers: testAccProviders, 46 CheckDestroy: testAccCheckAWSRoleDestroy, 47 Steps: []resource.TestStep{ 48 { 49 Config: testAccAWSRoleConfigWithDescription(rName), 50 Check: resource.ComposeTestCheckFunc( 51 testAccCheckAWSRoleExists("aws_iam_role.role", &conf), 52 resource.TestCheckResourceAttr("aws_iam_role.role", "path", "/"), 53 resource.TestCheckResourceAttr("aws_iam_role.role", "description", "This 1s a D3scr!pti0n with weird content: &@90ë“‘{«¡Çø}"), 54 ), 55 }, 56 { 57 Config: testAccAWSRoleConfigWithUpdatedDescription(rName), 58 Check: resource.ComposeTestCheckFunc( 59 testAccCheckAWSRoleExists("aws_iam_role.role", &conf), 60 resource.TestCheckResourceAttr("aws_iam_role.role", "path", "/"), 61 resource.TestCheckResourceAttr("aws_iam_role.role", "description", "This 1s an Upd@ted D3scr!pti0n with weird content: &90ë“‘{«¡Çø}"), 62 ), 63 }, 64 { 65 Config: testAccAWSRoleConfig(rName), 66 Check: resource.ComposeTestCheckFunc( 67 testAccCheckAWSRoleExists("aws_iam_role.role", &conf), 68 resource.TestCheckResourceAttrSet("aws_iam_role.role", "create_date"), 69 resource.TestCheckResourceAttr("aws_iam_role.role", "description", ""), 70 ), 71 }, 72 }, 73 }) 74 } 75 76 func TestAccAWSRole_namePrefix(t *testing.T) { 77 var conf iam.GetRoleOutput 78 rName := acctest.RandString(10) 79 80 resource.Test(t, resource.TestCase{ 81 PreCheck: func() { testAccPreCheck(t) }, 82 IDRefreshName: "aws_iam_role.role", 83 IDRefreshIgnore: []string{"name_prefix"}, 84 Providers: testAccProviders, 85 CheckDestroy: testAccCheckAWSRoleDestroy, 86 Steps: []resource.TestStep{ 87 { 88 Config: testAccAWSRolePrefixNameConfig(rName), 89 Check: resource.ComposeTestCheckFunc( 90 testAccCheckAWSRoleExists("aws_iam_role.role", &conf), 91 testAccCheckAWSRoleGeneratedNamePrefix( 92 "aws_iam_role.role", "test-role-"), 93 ), 94 }, 95 }, 96 }) 97 } 98 99 func TestAccAWSRole_testNameChange(t *testing.T) { 100 var conf iam.GetRoleOutput 101 rName := acctest.RandString(10) 102 103 resource.Test(t, resource.TestCase{ 104 PreCheck: func() { testAccPreCheck(t) }, 105 Providers: testAccProviders, 106 CheckDestroy: testAccCheckAWSRoleDestroy, 107 Steps: []resource.TestStep{ 108 { 109 Config: testAccAWSRolePre(rName), 110 Check: resource.ComposeTestCheckFunc( 111 testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf), 112 ), 113 }, 114 115 { 116 Config: testAccAWSRolePost(rName), 117 Check: resource.ComposeTestCheckFunc( 118 testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf), 119 ), 120 }, 121 }, 122 }) 123 } 124 125 func TestAccAWSRole_badJSON(t *testing.T) { 126 rName := acctest.RandString(10) 127 128 resource.Test(t, resource.TestCase{ 129 PreCheck: func() { testAccPreCheck(t) }, 130 Providers: testAccProviders, 131 CheckDestroy: testAccCheckAWSRoleDestroy, 132 Steps: []resource.TestStep{ 133 { 134 Config: testAccAWSRoleConfig_badJson(rName), 135 ExpectError: regexp.MustCompile(`.*contains an invalid JSON:.*`), 136 }, 137 }, 138 }) 139 } 140 141 func testAccCheckAWSRoleDestroy(s *terraform.State) error { 142 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 143 144 for _, rs := range s.RootModule().Resources { 145 if rs.Type != "aws_iam_role" { 146 continue 147 } 148 149 // Try to get role 150 _, err := iamconn.GetRole(&iam.GetRoleInput{ 151 RoleName: aws.String(rs.Primary.ID), 152 }) 153 if err == nil { 154 return fmt.Errorf("still exist.") 155 } 156 157 // Verify the error is what we want 158 ec2err, ok := err.(awserr.Error) 159 if !ok { 160 return err 161 } 162 if ec2err.Code() != "NoSuchEntity" { 163 return err 164 } 165 } 166 167 return nil 168 } 169 170 func testAccCheckAWSRoleExists(n string, res *iam.GetRoleOutput) resource.TestCheckFunc { 171 return func(s *terraform.State) error { 172 rs, ok := s.RootModule().Resources[n] 173 if !ok { 174 return fmt.Errorf("Not found: %s", n) 175 } 176 177 if rs.Primary.ID == "" { 178 return fmt.Errorf("No Role name is set") 179 } 180 181 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 182 183 resp, err := iamconn.GetRole(&iam.GetRoleInput{ 184 RoleName: aws.String(rs.Primary.ID), 185 }) 186 if err != nil { 187 return err 188 } 189 190 *res = *resp 191 192 return nil 193 } 194 } 195 196 func testAccCheckAWSRoleGeneratedNamePrefix(resource, prefix string) resource.TestCheckFunc { 197 return func(s *terraform.State) error { 198 r, ok := s.RootModule().Resources[resource] 199 if !ok { 200 return fmt.Errorf("Resource not found") 201 } 202 name, ok := r.Primary.Attributes["name"] 203 if !ok { 204 return fmt.Errorf("Name attr not found: %#v", r.Primary.Attributes) 205 } 206 if !strings.HasPrefix(name, prefix) { 207 return fmt.Errorf("Name: %q, does not have prefix: %q", name, prefix) 208 } 209 return nil 210 } 211 } 212 213 func testAccAWSRoleConfig(rName string) string { 214 return fmt.Sprintf(` 215 resource "aws_iam_role" "role" { 216 name = "test-role-%s" 217 path = "/" 218 assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}" 219 } 220 `, rName) 221 } 222 223 func testAccAWSRoleConfigWithDescription(rName string) string { 224 return fmt.Sprintf(` 225 resource "aws_iam_role" "role" { 226 name = "test-role-%s" 227 description = "This 1s a D3scr!pti0n with weird content: &@90ë“‘{«¡Çø}" 228 path = "/" 229 assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}" 230 } 231 `, rName) 232 } 233 234 func testAccAWSRoleConfigWithUpdatedDescription(rName string) string { 235 return fmt.Sprintf(` 236 resource "aws_iam_role" "role" { 237 name = "test-role-%s" 238 description = "This 1s an Upd@ted D3scr!pti0n with weird content: &90ë“‘{«¡Çø}" 239 path = "/" 240 assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}" 241 } 242 `, rName) 243 } 244 245 func testAccAWSRolePrefixNameConfig(rName string) string { 246 return fmt.Sprintf(` 247 resource "aws_iam_role" "role" { 248 name_prefix = "test-role-%s" 249 path = "/" 250 assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}" 251 } 252 `, rName) 253 } 254 255 func testAccAWSRolePre(rName string) string { 256 return fmt.Sprintf(` 257 resource "aws_iam_role" "role_update_test" { 258 name = "tf_old_name_%s" 259 path = "/test/" 260 assume_role_policy = <<EOF 261 { 262 "Version": "2012-10-17", 263 "Statement": [ 264 { 265 "Action": "sts:AssumeRole", 266 "Principal": { 267 "Service": "ec2.amazonaws.com" 268 }, 269 "Effect": "Allow", 270 "Sid": "" 271 } 272 ] 273 } 274 EOF 275 } 276 277 resource "aws_iam_role_policy" "role_update_test" { 278 name = "role_update_test_%s" 279 role = "${aws_iam_role.role_update_test.id}" 280 policy = <<EOF 281 { 282 "Version": "2012-10-17", 283 "Statement": [ 284 { 285 "Effect": "Allow", 286 "Action": [ 287 "s3:GetBucketLocation", 288 "s3:ListAllMyBuckets" 289 ], 290 "Resource": "arn:aws:s3:::*" 291 } 292 ] 293 } 294 EOF 295 } 296 297 resource "aws_iam_instance_profile" "role_update_test" { 298 name = "role_update_test_%s" 299 path = "/test/" 300 roles = ["${aws_iam_role.role_update_test.name}"] 301 } 302 `, rName, rName, rName) 303 } 304 305 func testAccAWSRolePost(rName string) string { 306 return fmt.Sprintf(` 307 resource "aws_iam_role" "role_update_test" { 308 name = "tf_new_name_%s" 309 path = "/test/" 310 assume_role_policy = <<EOF 311 { 312 "Version": "2012-10-17", 313 "Statement": [ 314 { 315 "Action": "sts:AssumeRole", 316 "Principal": { 317 "Service": "ec2.amazonaws.com" 318 }, 319 "Effect": "Allow", 320 "Sid": "" 321 } 322 ] 323 } 324 EOF 325 } 326 327 resource "aws_iam_role_policy" "role_update_test" { 328 name = "role_update_test_%s" 329 role = "${aws_iam_role.role_update_test.id}" 330 policy = <<EOF 331 { 332 "Version": "2012-10-17", 333 "Statement": [ 334 { 335 "Effect": "Allow", 336 "Action": [ 337 "s3:GetBucketLocation", 338 "s3:ListAllMyBuckets" 339 ], 340 "Resource": "arn:aws:s3:::*" 341 } 342 ] 343 } 344 EOF 345 } 346 347 resource "aws_iam_instance_profile" "role_update_test" { 348 name = "role_update_test_%s" 349 path = "/test/" 350 roles = ["${aws_iam_role.role_update_test.name}"] 351 } 352 `, rName, rName, rName) 353 } 354 355 func testAccAWSRoleConfig_badJson(rName string) string { 356 return fmt.Sprintf(` 357 resource "aws_iam_role" "my_instance_role" { 358 name = "test-role-%s" 359 360 assume_role_policy = <<POLICY 361 { 362 "Version": "2012-10-17", 363 "Statement": [ 364 { 365 "Action": "sts:AssumeRole", 366 "Principal": { 367 "Service": "ec2.amazonaws.com", 368 }, 369 "Effect": "Allow", 370 "Sid": "" 371 } 372 ] 373 } 374 POLICY 375 } 376 `, rName) 377 }